loader image
How to automate Create your own cybersecurity awareness assistant in 2 steps, in 5 minutes

How to automate: Create your own cybersecurity awareness assistant in 2 steps in 5 minutes

Hugo David

Today in How to Automate, we will learn how you can quickly set up a cybersecurity awareness assistant to help you spread the security word to your colleagues!

No matter how well you are armed to defend yourself against attackers, your first line of defense will be your employees. A hole in this line is enough to allow the attacker to gain a foothold in your networks and systems. Imagine attackers having their hands on an employee’s credentials. They have legitimate access to your organization’s networks, systems, and sensitive data.

Even though you would have enforced 2FA across the whole organization, we saw that, without proper awareness, 2FA is not an invincible barrier. 2FA flooding, as primary means, as it is, works. Not always, but large enough to have led to massive breaches last year. Once initial access is fulfilled, attackers can look for privileges escalation, and here again, in your in-depth defense strategy, your employees’ vigilance is critical. Someone asking for access in your #general channel should never be met.

It may sound like common sense, just as “do not click on URLs in emails coming from unknown email addresses”, but it isn’t because there is a context that influences employees. They may think they are giving out a hand, are stressed, and don’t think about possible consequences when performing the fatal action. That is human, we are influenceable animals, that is it, and it will always be.

To repeat, no matter how robust your security infrastructure is or the number and configuration of tools you have, a $10 million security stack won’t save you from having a permeable first line of defense. That is a fact.

This is why organizations, besides strengthening their cybersecurity infrastructure, also turn to awareness. It is as crucial as having an identity solution or an endpoint protection service. Even though the task of spreading the word to the organization is cumbersome and incredibly repetitive (you know, having to remind everyone that “mycityofbirth123!” is not a good password) makes you look like the boring person in the org, it has to be done because people have to be reminded. Repetition is key. Do you know why you still remember your times tables? Repetition.

Today, we are going to learn how to withdraw the toil of spreading cybersecurity awareness, albeit implementing a regular schedule. We will orchestrate 2 tools, OpenAI and Slack (or Teams, Google chat, or the other one you wish to use), and show how you can set up a monthly reminder to be sent to the whole organization in under 5 minutes.

Openai ChatGPT
OpenAI
slack integration mindflow
Slack

Creating a cybersecurity awareness assistant

A little bit more context and general chit-chat before diving into the How to.

The benefits of having a cybersecurity awareness assistant

As we saw above, spreading awareness and refreshing the basics is fundamental and will provide benefits such as:

  1. Compliance with regulations: Many industries are subject to specific regulations and standards that require organizations to maintain an ongoing cybersecurity awareness program. Regular training helps ensure compliance with these standards, avoiding potential penalties and legal issues.
  2. Enhanced risk mitigation: Regular training and reminders ensure that employees are aware of potential threats, making it less likely for them to fall victim to phishing, social engineering, and other cyberattacks.
  3. Stay up-to-date with the threat evolution: The cybersecurity landscape is constantly evolving, with new threats and vulnerabilities emerging regularly. A consistent awareness program enables employees to stay up-to-date with the latest developments, ensuring that they can adapt to the changing environment and maintain the organization’s security posture.
  4. Strengthening the human firewall: Fostering a proactive security culture within the organization encourages employees to be more vigilant and take personal responsibility for their online actions. In empowering employees with the knowledge and skills to recognize and respond to cyber threats, a regular cybersecurity awareness program strengthens the organization’s first line of defense – the human firewall.
  5. Protecting brand reputation: Finally, a robust cybersecurity awareness program will help prevent data breaches and other security incidents that could damage an organization’s reputation and customer trust.

Before diving in

Before diving into the technical how-to, ensure you have your OpenAI API ready, and your Slack API and App allowed to post on #general.

Here is a peek at the final Flow.

Cybersecurity awareness assistant - 1

First steps: Flow creation and Schedule

As always, start by creating the Flow, naming it other than the SEO-positive title “Schedule: Monthly security awareness post”… Then, choose your emoji. Just like me, you can take the snail!

Once the Flow is created, hop into it and start by setting up your scheduled trigger. To do so, click the calendar icon next to the Flow’s name to open the Scheduler.

Cybersecurity awareness assistant - 2

Your cybersecurity awareness assistant through OpenAI: Creating the OpenAI call

Let’s head to the steps-building part. It is going to be pretty quick. First, create a new step and select the OpenAI service. Once inside the available OpenAI actions, look for and cet “createCompletion” to create your OpenAI call.

Cybersecurity awareness assistant - 3

To configure it, follow these steps:

  1. Start by querying your OpenAI credentials in the “Settings” tab saved in the Vault.
  2. In the “Model” field, type text-davinci-003.
  3. In “Prompt”, hard-type your desired prompt. It is up to you to decide what has to be included. As starters, it could specify:
  1. The context: “As the Security officer, you want to write a friendly reminder about security best practices that employees should always follow.”
  2. Basic security sanity checks (what to look after when reading an email: source email address, hover above URLs before clicking on them, beware of urgency, etc.)
  3. Remind that employees are the organization’s first line of defense.
  4. Remind the password-related requirements enforced in your organization.
  5. Remind the incident’s first steps and that people will never be blamed for reporting an incident. Don’t try to hide something; it will be worse.
  6. And every instruction you think shall be mentioned.
  1. In “Max tokens”, type 2048.
Cybersecurity awareness assistant - 4

Posting the prompt to Slack

Once your OpenAI step is fully configured, dry-run it once to get the answer from OpenAI and the logs. After having done so, click the little square box next to the gear icon under the OpenAI step to create a new step. In the pop-over, select Slack and then get the chat_postMessage action. Once the action is created, configure it as such:

Cybersecurity awareness assistant - 5
  1. “Channel”: Type YOUR_CHANNEL_ID.
  2. “Text”: Type “/” to open up the Data Picker tool. Select the OpenAI call under STEPS. Then, inside the BODY of the answer, select choice/0, and Pick the text field.You may want to add additional content to this message, such as content you wouldn’t want to send to OpenAI: the Security team members’ email addresses and/or names that shall be contacted, for instance.
Cybersecurity awareness assistant - 6

Once done, your Flow is set! Trigger it manually to check if everything checks out, and go have a look at your monthly cybersecurity awareness post on #general!

Cybersecurity awareness assistant - 7

      One less thing to think about. On to other cybersecurity awareness tasks to automate!

      Start automating today

      Sign up for Mindflow to get started with enterprise hyperautomation.

      By registering, you agree to receive updates regarding Mindflow’s products and services and your account in Mindflow.

      The future of automation is just a login away 🚀

      Fill the form below to unlock the magic of Mindflow and be the first to try our feature . 

      USE CASE

      Phishing

      OpenAI icon

      OpenAI

      Slack

      Jira

      Jira

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.